New York City Police Department Auxiliary Officer Charged with Hacking into NYPD Computer and FBI Database

New York City Police Department Auxiliary Officer Charged with Hacking into NYPD Computer and FBI Database

Earlier today, a criminal complaint was unsealed charging Yehuda Katz, a New York City Police Department (NYPD) Auxiliary Deputy Inspector assigned to the 70th Precinct in Brooklyn, with executing a scheme to hack into a restricted NYPD computer and other sensitive law enforcement databases. The defendant was arrested earlier this morning and will have his initial appearance this afternoon at the U.S. Courthouse, 225 Cadman Plaza East, Brooklyn, New York, before United States Magistrate Judge James Orenstein.

The charges and arrest were announced by Loretta E. Lynch, United States Attorney for the Eastern District of New York, Diego G. Rodriguez, Assistant Director-in-Charge, Federal Bureau of Investigation (FBI), New York Field Office, and William J. Bratton, Commissioner of the New York City Police Department.

“The defendant allegedly used his position as an auxiliary officer to hack into restricted computers and networks in order to obtain the personal information of thousands of citizens in a scheme to enrich himself through fraud,” stated United States Attorney Lynch. “The threat posed by those who abuse positions of trust to engage in insider attacks is serious, and we will continue to work closely with our law enforcement partners to vigorously prosecute such attacks.” Ms. Lynch expressed her grateful appreciation to the FBI and the NYPD’s Internal Affairs Bureau, which worked together closely to investigate the case.

“As alleged, Katz illegally accessed sensitive law enforcement computer systems for his own personal gain. This type of behavior betrays the public’s trust and cannot be tolerated. We entrust our public servants to safeguard confidential information and not prey upon victims, and we will continue to work with our partners to prosecute those who engage in this type of criminal activity,” stated FBI Assistant Director-in-Charge Rodriguez.

“This case is a clear example of the collaborative effort between federal prosecutors, the FBI, and the NYPD’s Internal Affairs Bureau to weed out individuals who allegedly violate the Department’s trust,” said Police Commissioner Bratton.

According to the complaint, the defendant surreptitiously installed multiple electronic devices in the Traffic Safety Office of the NYPD’s 70th Precinct that allowed him to remotely access restricted NYPD computers and law enforcement databases, including one maintained by the FBI, that he did not have permission to access. One of the electronic devices installed by the defendant contained a hidden camera that captured a live image of the Traffic Safety Office and was capable of live-streaming that image over the Internet. The second electronic device was connected to one of the computers in the Traffic Safety Office and allowed the computer to be accessed and controlled remotely.

As alleged in the complaint, investigators with the NYPD’s Internal Affairs Bureau and the FBI determined that the devices had been used to allow the defendant to remotely log onto an NYPD computer using usernames and passwords belonging to NYPD uniformed officers. Thereafter, the defendant ran thousands of queries in databases, including a restricted law enforcement database maintained by the FBI, for information, including the personal identifying information of victims, related to traffic accidents in the greater New York City area.

The complaint further alleges that, after the defendant accessed the NYPD computer and law enforcement databases, he contacted individuals who had been involved in traffic accidents and falsely claimed to be, among others, an attorney with the fictitious “Katz and Katz law firm” who could assist them with potential legal claims. Letters sent by the defendant to accident victims included claims such as “I can advise you with 100% confidence that I can resolve this claim in your favor,” and “My fee is 14 percent only when you collect. And I know that you will collect.” All told, according to the complaint, between May and August 2014, the defendant ran over 6,400 queries in sensitive law enforcement databases that he accessed remotely via the compromised NYPD computer for information related to traffic accidents.

The charges in the complaint are merely allegations, and the defendant is presumed innocent unless and until proven guilty. If convicted, the defendant faces a maximum sentence of 10 years.

The government’s case is being prosecuted by Assistant United States Attorneys Samuel P. Nitze and Peter W. Baldwin, with assistance provided by the Computer Crime and Intellectual Property Section of the Department of Justice.